The national security risk of secure software

Here is a new twist on the Bush Administration’s concern about national security, and their concern about open ports (ha ha). The AP reports that the US government is worried that their intrusion detection system of choice is about to be purchased by an Israeli company:

The contrast between the administration’s handling of the $6.8 billion Dubai ports deal and the Israeli company’s $225 million technology purchase offers an uncommon glimpse into the U.S. government’s choices to permit some deals but raise deep security concerns over others.

[…]

Under the sale, publicly announced Oct. 6, Check Point would own all Sourcefire’s patents, source-code blueprints for its software and the expertise of employees.

One might think this would be less of a problem for national security if Sourcefire were open source; however, the article first suggests that officials are concerned about the fate of Snort, and then that they prefer it precisely because it is open source. Isn’t that a contradiction? Here, you figure it out:

The objections by the FBI and Pentagon were partly over specialized intrusion detection software known as “Snort,” which guards some classified U.S. military and intelligence computers.

[…]

Sourcefire’s protection and monitoring technology builds on the popularity of Snort, which was created by its chief technology officer and is distributed free. Unlike Sourcefire’s commercial products, Snort’s blueprints are open for inspection to assure it works as advertised. This makes it popular inside the U.S. intelligence community, even alongside more mainstream security products from Cisco Systems Inc. or Juniper Networks Inc.

The funny thing I’ve noticed with Sourcefire is how annoyingly complex the management console tends to be, which sort of eliminates the value proposition over Snort. Even if you just want to apply the latest patch to a Sourcefire system you have to download the code to one system, then upload that code to the management console, then push the code out to the sensor, then notify the sensor to install the code that you just pushed. It tends to be a terribly slow and clumsy process that I have to explain over and over again when training someone on the system. Don’t get me wrong, I like the technical aspects of Sourcefire (mostly as it is still a derivative of Snort) and appreciate the system’s capabilities, but the GUI can be a real headache.

Anyway, I guess it says a lot that Check Point would rather extricate all of its software from the US government than forgo the acquisition of Sourcefire or allow all of the code to be open, at least to governments.
